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DETAILED ACTION 

Response to Amendment 

This office action is in response to amendments and remarks n filed on October 17, 2009. 
Claims 1-6 and 8-18 are pending for consideration. 

Response to Arguments 

Applicant's arguments filed on October 17, 2009 have been fully considered but they are 
not persuasive because of the following reasons: 

Regarding Claims 1-6 and 8-18 applicants argued that the system of cited prior arts 
(CPA) [Togawa, Drake] does not teach, "outputting instructions that obtain the results and 
provide the results for a user and that prompt the user as to whether the countermeasure 
instructions should be executed." Togawa, alone or in combination with Drake, does not teach or 
suggest this subject matter". 

This is not found persuasive. The system of cited prior art teaches a virus destroying 
system and method of computer software that involves using anti-spy techniques within the user 
system, which prevent or hamper eavesdropping on the ID-Data by destroying information 
stored in memory after receiving infected virus trigger information. The system of cited prior art 
teaches security of computer software, automatically detects tampering of software and code, 
reverse engineering, and disassembly, and also prevents executing tracing and debugging by use 
of code designed to detect and prevent these operations (Togawa: ( col. 5 line 39 to line 50, col. 8 
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line 14 to line 40, col. 13 line 8 to line 55, and col. 14 line 8 to line 25, Drake:, col. 3 line 38 to line 
44, col.6 line 10 to line 65; and Watts: col.6 line 10 to line 12)) 

As a result, the system of cited prior arts does implement and teaches a system and 
method for detecting the presence of a computer program for monitoring a user's computer 
activities and countermeasures against such computer software. 

Therefore, the examiner asserts that the system of cited prior arts does teach or suggest 
the subject matter recited in independent and subsequent dependent claims. Accordingly, 
rejections for Claims l-6m and 8-18 are respectfully maintained. 



Claim Rejections - 35 USC § 112 

Previous rejection under e second paragraph of 35 U.S.C. 1 12 has been withdrawn 

Claim Rejections - 35 USC §101 

1. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

2. Claim 18 are rejected under 35 U.S.C. 101 because the claimed invention is directed to 
non- statutory subject matter. 

3. Claim 18 are rejected under 35 USC 101 since the claims are directed to non-statutory 
subject matter. Claim 18 are directed towards a service implemented in a machine-accessible and 
readable medium which appears to cover both transitory and non-transitory embodiments. The 
specification merely recites the term "computer readable medium, (i.e. useable medium)" (Page 
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8 and 14), but no specific definition is provided to define this claimed term. The United States 
Patent and Trademark Office (USPTO) is required to give claims their broadest reasonable 
interpretation consistent with the specification during proceedings before the USPTO. See In re 
Zletz, 893 F.2d 319 (Fed. Cir. 1989) (during patent examination the pending claims must be 
interpreted as broadly as their terms reasonably allow). The broadest reasonable interpretation of 
a claim drawn to a computer readable medium (also called machine readable medium and other 
such variations) typically covers forms of non-transitory tangible media and transitory 
propagating signals per se in view of the ordinary and customary meaning of computer readable 
media, particularly when the specification is silent . See MPEP 2111.01. When the broadest 
reasonable interpretation of a claim covers a signal per se, the claim must be rejected under 
35 U.S.C. § 101 as covering non-statutory subject matter. See In re Nuijten, 500 F.3d 1346, 
1356-57 (Fed. Cir. 2007) (transitory embodiments are not directed to statutory subject matter) 
and Interim Examination Instructions for Evaluating Subject Matter Eligibility Under 35 U.S.C. 
§ 101, Aug. 24, 2009; p. 2. 

4. The Examiner suggests that the Applicant add the limitation "non-transitory machine- 
accessible and readable medium "to the claim(s) in order to properly render the claims in 
statutory form in view of their broadest reasonable interpretation in light of the originally filed 
specification. The examiner also suggests that the specification be amended to include the term 
"non-transitory machine-accessible and readable medium" to avoid a potential objection to the 
specification for a lack of antecedent basis of the claimed terminology." 
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Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

1. Claims 1-6, and 8-18 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Togawa (U. S. Patent 6,240,530).and further in view of Drake (U. S. Patent 6,006,328) and 
further in view of Watts (U. S. Patent No.: 6,240,530). 

2. Regarding Claim 1, Togawa teaches a system for detecting the presence of an observing 
program on a computer system, (Fig. 1-4), the system comprising: 

observer data that includes data descriptive of an observer program, the observer program being 
programmed to observe a user's activities on the computer system by monitoring user input 
entered through a user input device and also operating to create log file from the observing of the 
observer program (col. 5 line 7 to line 39); accessing instructions that access the observer data, 
comparing instructions that compare the observer data with memory data read in from memory 
to determine whether the observer program is present on the computer system (col.4 line 1 to line 
22, col. 8 line 14 to line 30); generating instructions that generate results from the comparing, 
wherein the results generated indicate whether the observer program is present on the computer 
system (col. 5 line 10 to line 38, and col. 8 line 22 to line 30); countermeasure instructions that 
alter the operation of the observer program; and outputting instructions that obtain the results and 
provide the results for a user and that prompt the user as to whether the countermeasure 
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instructions should be executed ( col. 5 line 39 to line 50, col. 8 line 14 to line 40, col. 13 line 8 to 
line 55, and col. 14 line 8 to line 25). 

Although the system disclosed by Togawa shows all the features of the claimed limitation, but 
Togawa does not specifically disclose searching explicitly observer program as a part of that 
detecting and exterminating viruses on a computer. Togawa discloses a virus extermination 
program installed on the computer memory to detect, identify and destroy certain types of 
viruses on the computer (col. 3 line 65 to col.4 line 24). 

In an analogous art, Drake, on the other hand discloses computing environment that relates to 
method and apparatus that uses an anti-spy computer code to detect rogue software programs 
that eavesdrop, attack or steal ID-data on the computer. The anti-spy code continuously scans the 
computer memory by comparing its memory image data with known characteristics data to 
detect hot patching and temporarily disabling an observer program and using deception (col. 3 
line 38 to line 44, and col. 6 line 10 to line 65). 

Therefore, It would have been obvious to one ordinary skilled in the art at the time of invention 
to combine the teachings of Drake and Togawa, because Drake's method of detection and 
removal of computer spyware (malware or observer program) explicitly involves a comparison 
between known characteristics data with memory data to identify similar data patterns indicating 
the presence of rogue software in the computer. Therefore, the ordinarily skilled artisan would 
conclude that this combination would predictably result in running anti-spyware program on a 
computer to scan the memory for certain spy characteristics in order to detect the presence of 
rogue software programs thereon. 
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The system of Togawa and Drake does not explicitly teaches prompting user to start a counter 
measure (i.e. execution of security software), however Watts teach and describe to prompt the 
user as to whether the countermeasure instructions should be executed (col. 6 line 10 to line 12) 
It would have been obvious to combine the prompting ability with the system of Togawa and 
Drake because a prompt interface will provide an improved control during detection of the 
presence of an observing program. 



3. Regarding Claim 16, Togawa teaches a system for detecting the presence of an observing 
program on a computer system, ((Fig. 1-4), the system, comprising: 

a computer system comprising a processor, memory, a user input device and a monitor, wherein 
the memory comprises: observer data that includes data descriptive of an observer program, the 
observer program being programmed to observe a user's activities on the computer system by 
monitoring user input entered through a user input device and also operating to create log file 
from the observing of the observer program(col.5 line 7 to line 39); and means for accessing the 
observer data; means for generating results from the comparison(col.4 line 1 to line 22, col. 8 line 
14 to line 30), wherein the results generated indicate whether the observer program is present on 
the computer system(col.5 line 10 to line 38, and col. 8 line 22 to line 30); means for altering the 
operation of the observer program; and means for outputting the results for a user and for 
prompting the user as to whether the countermeasure instructions should be executed; means for 
outputting the results for a user (col. 5 line 39 to line 50, col. 13 line 8 to line 55, and col. 14 line 8 
to line 25). 
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Although the system disclosed by Togawa shows all the features of the claimed limitation, but 
Togawa does not specifically disclose searching explicitly observer program as a part of that 
detecting and exterminating viruses on a computer. Togawa discloses a virus extermination 
program installed on the computer memory to detect, identify and destroy certain types of 
viruses on the computer (col. 3 line 65 to col.4 line 24). 

In an analogous art, Drake, on the other hand discloses computing environment that relates to 
method and apparatus that uses an anti-spy computer code to detect rogue software programs 
that eavesdrop, attack or steal ID-data on the computer. The anti-spy code continuously scans the 
computer memory by comparing its memory image data with known characteristics data to 
detect hot patching and temporarily disabling an observer program and using deception (col. 3 
line 38 to line 44, and col. 6 line 10 to line 65,). 

Therefore, It would have been obvious to one ordinary skilled in the art at the time of invention 
to combine the teachings of Drake and Togawa, because Drake's method of detection and 
removal of computer spyware (malware or observer program) explicitly involves a comparison 
between known characteristics data with memory data to identify similar data patterns indicating 
the presence of rogue software in the computer. Therefore, the ordinarily skilled artisan would 
conclude that this combination would predictably result in running anti-spyware program on a 
computer to scan the memory for certain spy characteristics in order to detect the presence of 
rogue software programs thereon. 

The system of Togawa and Drake does not explicitly teaches prompting user to start a counter 
measure (i.e. execution of security software), however Watts teach and describe to prompt the 
user as to whether the countermeasure instructions should be executed (col. 6 line 10 to line 12) 
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It would have been obvious to combine the prompting ability with the system of Togawa and 
Drake because a prompt interface will provide an improved control during detection of the 
presence of an observing program. 



4. Regarding Claim 17, Togawa teaches a method for detecting the presence of an observing 
program on a computer system, wherein the observing program is programmed to observe a 
user's activities on the computer system by monitoring user input entered through a user input 
device and to create data from the observing on the computer system, the system including 
computer software fro running on the computer system ((Fig. 1-4), the method comprising the 
steps of: 

accessing observer data, the observer data including data descriptive of an observer program, the 
observer program being programmed to observe a user's activities on the computer system by 
monitoring user input entered through a user input device and also operating to create log file 
from the observing of the observer program (col. 5 line 7 to line 39, and(col.4 line 1 to line 22, 
col. 8 line 14 to line 30); generating results from the reading and comparing, wherein the results 
generated indicate whether the observer program is present on the computer system(col.5 line 10 
to line 38, and col. 8 line 22 to line 30); and outputting the results for a user and 
prompting the user as to whether countermeasure instructions should be executed, 
wherein the countermeasure instructions are executable to (1) temporarily disable the observer 
program, (2) permanently disable the observer program, and (3) create decoy observer created 
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data but wherein the observer program continues running ( col. 5 line 39 to line 50, col. 13 line 8 
to line 55, and col. 14 line 8 to line 25). 

Although the system disclosed by Togawa shows all the features of the claimed limitation, but 
Togawa does not specifically disclose searching explicitly observer program as a part of that 
detecting and exterminating viruses on a computer. Togawa discloses a virus extermination 
program installed on the computer memory to detect, identify and destroy certain types of 
viruses on the computer (col. 3 line 65 to col.4 line 24). 

In an analogous art, Drake, on the other hand discloses computing environment that relates to 
method and apparatus that uses an anti-spy computer code to detect rogue software programs 
that eavesdrop, attack or steal ID-data on the computer. The anti-spy code continuously scans the 
computer memory by comparing its memory image data with known characteristics data to 
detect hot patching and temporarily disabling an observer program and using deception (col. 3 
line 38 to line 44, and col. 6 line 10 to line 65). 

Therefore, It would have been obvious to one ordinary skilled in the art at the time of invention 
to combine the teachings of Drake and Togawa, because Drake's method of detection and 
removal of computer spyware (malware or observer program) explicitly involves a comparison 
between known characteristics data with memory data to identify similar data patterns indicating 
the presence of rogue software in the computer. Therefore, the ordinarily skilled artisan would 
conclude that this combination would predictably result in running anti-spyware program on a 
computer to scan the memory for certain spy characteristics in order to detect the presence of 
rogue software programs thereon. 
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The system of Togawa and Drake does not explicitly teaches prompting user to start a counter 
measure (i.e. execution of security software), however Watts teach and describe to prompt the 
user as to whether the countermeasure instructions should be executed (col. 6 line 10 to line 12) 
It would have been obvious to combine the prompting ability with the system of Togawa and 
Drake because a prompt interface will provide an improved control during detection of the 
presence of an observing program. 



5. Regarding Claim 18, Togawa teaches a computer-readable medium containing 
instructions for detecting the presence of an observing program on a computer system, wherein 
the instructions are executable to ((Fig. 1-4) comprised of the steps of: 

access observer data, the observer data including data descriptive of an observer program, the 
observer program being programmed to observe a user's activities on the computer system by 
monitoring user input entered through a user input device and also operating to create log file 
from the observing of the observer program(col.5 line 7 to line 39, col.4 line 1 to line 22, col. 8 
line 14 to line 30); generate results from the reading and comparing, wherein the results 
generated indicate whether the observer program is present on the computer system; and 
output the results for a user and prompt the user as to whether countermeasure instructions 
should be executed, wherein the countermeasure instructions are executable to (1) temporarily 
disable the observer program, (2) permanently disable the observer program, and (3) create 
decoy observer created data but wherein the observer program continues running (col. 5 line 10 to 
line 38, and col. 8 line 22 to line 30). 
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Although the system disclosed by Togawa shows all the features of the claimed limitation, but 
Togawa does not specifically disclose searching explicitly observer program as a part of that 
detecting and exterminating viruses on a computer. Togawa discloses a virus extermination 
program installed on the computer memory to detect, identify and destroy certain types of 
viruses on the computer (col. 5 line 39 to line 50, col.13 line 8 to line 55, and col. 14 line 8 to line 
25). 

In an analogous art, Drake, on the other hand discloses computing environment that relates to 
method and apparatus that uses an anti-spy computer code to detect rogue software programs 
that eavesdrop, attack or steal ID-data on the computer. The anti-spy code continuously scans the 
computer memory by comparing its memory image data with known characteristics data to 
detect hot patching and temporarily disabling an observer program and using deception (col. 3 
line 38 to line 44, and col. 6 line 10 to line 65, and col. 19 line 10 to col. 20 line 65). 

Therefore, It would have been obvious to one ordinary skilled in the art at the time of invention 
to combine the teachings of Drake and Togawa, because Drake's method of detection and 
removal of computer spyware (malware or observer program) explicitly involves a comparison 
between known characteristics data with memory data to identify similar data patterns indicating 
the presence of rogue software in the computer. Therefore, the ordinarily skilled artisan would 
conclude that this combination would predictably result in running anti-spyware program on a 
computer to scan the memory for certain spy characteristics in order to detect the presence of 
rogue software programs thereon. 

The system of Togawa and Drake does not explicitly teaches prompting user to start a 
counter measure (i.e. execution of security software), however Watts teach and describe to 
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prompt the user as to whether the countermeasure instructions should be executed (col. 6 line 10 
to line 12) 

It would have been obvious to combine the prompting ability with the system of Togawa and 
Drake because a prompt interface will provide an improved control during detection of the 
presence of an observing program. 



6. Claims 2-6, and 8-15 are rejected applied as above rejecting Claim 1. Furthermore, the 
system of Togawa, and Drake teaches and describes, wherein, 

As per Claim 2, the reading instructions read the memory of the computer system by 
querying the operating system of the computer system for the tasks running and by examining 
task information provided by the operating system (col. 4 line 39 to line 57). 

As per Claim 3 is rejected as above in rejecting claim 1, wherein the outputting 
instructions provide the results to a user through a graphical user interface (col. 5 line 39 to line 
50, col. 13 line 8 to line 55, and col. 14 line 8 to line 25). 

As per Claim 4 is rejected as above in rejecting claim 1, wherein the reading instructions 
read the memory of the computer system by querying the file system of the computer system for 
the files located on storage media and by examining file information provided by the file system 
(col. 19 line 10 to col.20 line 65). 

As per Claim 5 is rejected as above in rejecting claim 1, wherein the reading instructions 
read the memory of the computer system by opening a file located on storage media and by 
examining contents of the file (Togawa: col. 19 line 10 to col.20 line 65). 
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As per Claim 6 is rejected as above in rejecting claim 1, wherein the observer data 
includes data descriptive of a plurality of observer programs and wherein the system compares 
the observer data with the memory data to determine whether any known observer program is 
present (Togawa: col. 19 line 10 to col.20 line 65). 

As per Claim 8 is rejected as above in rejecting claim 7, wherein the countermeasure 
instructions alter the operation of the observer program by altering observer program 
configuration data (Togawa: col. 19 line 10 to col.20 line 65). 

As per Claim 9 is rejected as above in rejecting claim 7, wherein the countermeasure 
instructions alter the operation of the observer program by altering a file on the computer system, 
and wherein the countermeasure instructions are executable to (1) temporarily disable the 
observer program, (2) permanently disable the observer program, and (3) create decoy observer 
created data but wherein the observer program continues running (Togawa: col. 5 line 7 to line 
39, col.l31ine 8 to line 56, and col. 19 line 10 to col.20 line 65) and Drake teaches temporarily 
disabling an observer program and using deception (col.3 line 38 to line 44, and col. 6 line 10 to 
line 65). 

As per Claim 10 is rejected as above in rejecting claim 7, wherein the countermeasure 
instructions alter the operation of the observer program by altering reporting data generated by 
the observer program (Togawa: col. 5 line 7 to line 39, col.l31ine 8 to line 56, and col. 19 line 10 
to col.20 line 65). 

As per Claim 1 1 is rejected as above in rejecting claim 7, wherein the countermeasure 
instructions alter the operation of the observer program by replacing reporting data generated by 
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the observer program but wherein the observer program continues running (Togawa: col. 5 line 7 
to line 39, col.l31ine 8 to line 56, and col. 19 line 10 to col.20 line 65). 

As per Claim 12 is rejected as above in rejecting claim 7, wherein the countermeasure 
instructions alter the operation of the observer program by replacing a file of the observer 
program (Togawa: col. 5 line 7 to line 39, col.l31ine 8 to line 56, and col. 19 line 10 to col.20 line 
65). 

As per Claim 13 is rejected as above in rejecting claim 1, wherein the observer data 
includes data descriptive of observing activity typical of observing programs and wherein the 
system compares the observer data with the memory data to determine whether any known 
observer program is present (Togawa col. 5 line 7 to line 39, col.4 line 1 to line 22, col. 8 line 14 
to line 30, col.l31ine 8 to line 56, and Drake: col. 3 line 38 to line 44, and col. 6 line 10 to line 31). 

As per Claim 14 is rejected as above in rejecting claim 1, further comprising the 
observer data, wherein the observer data includes a list of files and modules that are part of the 
observer program software, and wherein the reading instructions read the memory of the 
computer system by querying the operating system of the computer system for the tasks running 
and by examining task information provided by the operating system, and wherein the reading 
instructions also read the memory of the computer system by querying the file system of the 
computer system for the files located on storage media and by examining file information 
provided by the file system, and wherein the outputting instructions provide the results to a user 
through a graphical user interface (Togawa: col. 5 line 7 to line 39, col.4 line 1 to line 22, col. 8 
line 14 to line 30, col.l31ine 8 to line 56, and Drake: and Drake: col. 3 line 38 to line 44, and 
col. 6 line 10 to line 31). 
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As per Claim 15 is rejected as above in rejecting claim 1, wherein the system is made 
available over a computer network through a web site (Fig. 15-17, col. 29 line 40 to col. 31 line 
40). 



Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to SYED ZIA whose telephone number is (571)272-3798. The 
examiner can normally be reached on 9:00 to 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, William R. Korzuch can be reached on 571-272-7589. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



sz 

August 27, 2010 
/Syed Zia/ 

Primary Examiner, Art Unit 243 1 



